View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

IT scoffs as C-level declares itself ‘cybersecurity literate’

Computer boffs less convinced that their boss understands cybersecurity risks.

By Jimmy Nicholls

C-level executives at some of America’s largest companies unanimously declared themselves "cybersecurity literate" in a recent survey, despite only a third saying the same of their board overall.

The surprising result – which will invite incredulity from some industry watchers – comes shortly after the worst year for cyberattacks on record in 2014, which saw cybersecurity climb up the corporate agenda and funding for start-ups shoot up.

Dwayne Melançon, chief technology officer for security vendor Tripwire, which conducted the survey, said: "There’s a big difference between cybersecurity awareness and cybersecurity literacy."If the vast majority of executives were really literate about cybersecurity risks, then spear phishing wouldn’t work.

"I think these results are indicative of the growing awareness that the risks connected with cybersecurity are business critical, but it would appear the executives either don’t understand how much they have to learn about cybersecurity, or they don’t want to admit that they that they don’t understand the business impact of these risks.

Outside of the executive board the survey data showed that there were considerable discrepancies between how top decision makers might view things compared to their IT staff, a third of whom rated the board as only "marginally literate" on cybersecurity matters.

"The people closest to the work are most impacted by external security events that require a response," said Tim Erlin, director of IT risk and security strategy at Tripwire.

"IT professionals had to sit up, pay attention and apply patches for Heartbleed, even if they weren’t under active attack. There weren’t a lot of C-level executives who spent the weekend running Heartbleed scans."

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

The study, which interviewed staff of American companies with yearly revenues exceeding $5bn (£3.3bn), also showed that only two-thirds of C-level executives trusted the tools used to display cyber-risks to their board.

Other figures revealed that internal breaches were far more likely to raise awareness of cybersecurity than media coverage of big attacks, with roughly a third of C-level and non C-level executives citing them as having the "biggest impact" on the board’s awareness, compared to around 10% who said the same of the Snowden leaks.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU